DETAILED ACTION
Response to Amendment 

1. The Examiner has accepted changes made to the claims.

Response to Arguments 

2. Applicant's arguments filed 11 February 2005 have been fully considered but
they are not persuasive. 

3. Referring to the rejection of claim 1, the Applicant contends and argues that the
prior art Belissent (US Patent 6,789,203) does not disclose a collector adapted to 
receive such statistics from a routing system of a computer network as only provided by 
the present invention. The Examiner respectfully disagrees and asserts that Belissent
does teach a collector (throttler unit) that is capable of receiving data packet flow information
routed from a network. A data packet flow statistic is considered by the throttler unit.
(See Column 5, lines 36-56)

4. Referring to the rejection of claim 1, the Applicant contends and argues that the
prior art Belissent (US Patent 6,789,203) does not disclose detecting one or more data 
packet flow anomalies to generate a signal nor disclose tracking attributes related to 
one or more data packet flow anomalies to a source. The Examiner disagrees and
asserts that Belissent does teach a throttler unit as a means for detecting data
packet flow anomalies: once a request rate has been exceeded (i.e. anomalies), the
processing unit directs the throttler unit to prevent any further acceptance of connection
requests from the offending requestor. This method allows the throttler unit to determine
the offending requestor (i.e. source). The client's unique IP address (i.e. tracking
attributes) is used by the throttler as a means for identifying and preventing any denial
of service attacks. (See Column 5, lines 36-67, Column 6, lines 1-17)

5. Therefore, the rejection of claims 1-33 is maintained in view of the reasons
above and in view of the reasons below.

Claim Rejections - 35 USC § 102 

1. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States
only if the international application designated the United States and was published under Article 21(2)
of such treaty in the English language. 

2. Claims 1-33 are rejected under 35 U.S.C. 102(e) as being anticipated by 
Belissent (US Patent No. 6,789,203). 

Regarding claim 1, Belissent teaches a system for detecting, tracking and
blocking one or more denial of service attacks over a computer network, the system 
comprising: 

a collector adapted to receive a plurality of data statistics from the computer 
network and to process the plurality of data statistics to detect one or more data packet 
flow anomalies and to generate a signal representing the one or more data packet flow 
anomalies (col. 5 lines 45-56), and 

a controller coupled to the collector to receive the signal (col.6 lines 2-17:
throttler unit 216);

wherein the controller is constructed and arranged to respond to the signal by
tracking attributes related to the one or more data packet flow anomalies to at least one 
source, and wherein the controller is constructed and arranged to block the one or more 
data packet flow anomalies (col.6 lines 2-17: throttler unit 216). 

Regarding claim 2, Belissent teaches the collector includes a buffer coupled to 
the computer network and being adapted to process the plurality of data statistics to 
generate at least one record (col. 5 lines 36-51). 

Regarding claim 3, Belissent teaches the collector further includes a profiler 
coupled to the buffer and being adapted to receive and process the record to generate a 
predetermined threshold (col. 5 line 48 thru col.6 line 17). 

Regarding claim 4, Belissent teaches the profiler includes means for aggregating 
the data statistics to obtain a traffic profile of network flows (col.5 line 48 thru col.6 line 
17). 

Regarding claim 5, Belissent teaches the data statistics are aggregated based on
at least one invariant feature of the network flows (col.5 line 48 thru col.6 line 17). 

Regarding claim 6, Belissent teaches data statistics are aggregated based on 
temporal, statistic network and dynamic routing parameters (col.5 line 48 thru col.6 line 
17). 

Regarding claim 7, Belissent teaches the at least one invariant feature includes 
source and destination endpoints (col.5 line 48 thru col.6 line 17). 

Regarding claim 8, Belissent teaches the collector further includes a detector 
coupled to the buffer and to the profiler, the collector being adapted to receive and 
process the record and the predetermined threshold to detect if attributes associated
with the record exceed the predetermined threshold representing the one or more data 
packet flow anomalies (col. 5 line 48 thru col.6 line 17). 

Regarding claim 9, Belissent teaches the collector further includes a local 
controller coupled to the detector and to the profiler and being adapted to receive and 
respond to the one or more data packet flow anomalies by generating the signal 
representing the one or more data packet flow anomalies (col. 5 line 48 thru col.6 line 
17). 

Regarding claim 10, Belissent teaches the detector includes a database for
storing the at least one record, predetermined threshold, the one or more data packet 
flow anomalies, and related information (col.5 lines 56-61). 

Regarding claim 11, Belissent teaches the profiler includes a database for storing
a plurality of data packet flow profiles and related information (col.5 lines 56-61).

Regarding claim 12, Belissent teaches the controller includes a filtering 
mechanism for blocking the one or more data packet flow anomalies (col.5 line 48 thru 
col.6 line 17, col.6 lines 26-40). 

Regarding claim 13, Belissent teaches the filtering mechanism includes a
plurality of filter list entries (col.5 line 48 thru col.6 line 17, col.6 lines 26-40).

Regarding claim 14, Belissent teaches the filtering mechanism includes a 
plurality of rate limiting entries (col.5 line 48 thru col.6 line 17, col.6 lines 26-40).

Regarding claim 15, Belissent teaches the controller includes a correlator
coupled to the collector and being adapted to receive and normalize the plurality of 
signals representing the one or more data packet flow anomalies and to generate an
anomaly table including the attributes related to the one or more data packet flow 
anomalies (col. 5 line 48 thru col.6 line 17; col.6 lines 41-44). 

Regarding claim 16, Belissent teaches the correlator includes a database for 
storing the anomaly table (col. 5 lines 56-61, col.6 lines 41-44). 

Regarding claim 17, Belissent teaches the correlator further includes an adapter 
that is constructed and arranged to communicate the anomaly table to a computing 
device for further processing (col. 5 lines 56-61). 

Regarding claim 18, Belissent teaches the controller further includes:

a web server (col. 5 lines 6-9), and 

access scripts that cooperate with the web server to enable the access the 
database defined on the controller to view the computing device to anomaly table (col. 5 
line 56 thru col.6 line 17). 

Regarding claim 19, Belissent teaches a system comprising: 

at least one routing system (col. 5 lines 42-56), 

a plurality of computer systems coupled to the routing system, and means for 
detecting one or more denial of service attacks communicated to the plurality of 
computer systems over the at least one routing system (col.1 lines 46-51, col. 5 lines 4-9,
col. 5 line 48 thru col.6 line 17).

Regarding claim 20, Belissent teaches a means for tracking the one or more 
denial of service attacks communicated to the plurality of computer systems over the at 
least one routing system (col. 5 line 34 thru col.6 line 17). 

Regarding claim 21, Belissent teaches a means for blocking the one or more
denial of service attacks communicated to the plurality of computer systems over the at 
least one routing system (col. 5 line 34 thru col.6 line 17). 

Regarding claim 22, Belissent teaches means for detecting includes a means for 
collecting a plurality of data statistics from the at least one routing system (col. 5 line 34 
thru col.6 line 17). 

Regarding claim 23, Belissent teaches the means for detecting further includes a 
means for processing the plurality of data statistics to detect one or more data packet 
flow anomalies (col.5 line 34 thru col.6 line 17). 

Regarding claim 24, Belissent teaches the means for detecting further includes a 
means of generating a plurality of signals representing the one or more data packet flow 
anomalies (col.5 line 34 thru col.6 line 17). 

Regarding claim 25, Belissent teaches the means for tracking includes a means 
for receiving and responding to the plurality of signals by tracking attributes related to 
the one or more data packet flow anomalies to at least one source (col.5 line 34 thru 
col.6 line 17). 

Regarding claim 26, Belissent teaches a means for communicating the one or 
more denial of service attacks to a computing device for further processing (col.5 line
34 thru col.6 line 17).

Regarding claim 27, Belissent teaches a method for detecting, tracking and 
blocking one or more denial of service attacks over a computer network, the system 
comprising the steps of: 

collecting a plurality of data statistics from the computer network;
processing the plurality of data statistics to detect one or more data packet flow 
anomalies, 

generating a plurality of signals representing the one or more data packet flow 
anomalies, and 

receiving and responding to the plurality of signals by tracking attributes related 
to the one or more data packet flow anomalies to at least one source (col. 5 line 34 thru 
col.6 line 17). 

Regarding claim 28, Belissent teaches the step of blocking the one or more data 
packet flow anomalies in close proximity to the at least one source (col. 5 line 34 thru 
col.6 line 17). 

Regarding claim 29, Belissent teaches the step of collecting the plurality of data 
statistics includes: 

buffering the plurality of data statistics,

processing the plurality of data statistics to generate at least one record, and

receiving and profiling the at least one record to generate a predetermined 
threshold (col. 5 line 34 thru col.6 line 17). 

Regarding claim 30, Belissent teaches the step of collecting the plurality of data 
statistics further includes: 

detecting if attributes related to the at least one record exceed the predetermined 
threshold representing the one or more data packet flow anomalies (col. 5 line 34 thru 
col.6 line 17). 

Regarding claim 31, Belissent teaches the step of collecting the plurality of data
statistics further includes: 

responding locally to the one or more data packet flow anomalies by generating 
the plurality of signals representing the one or more data packet flow anomalies (col. 5 
line 34 thru col.6 line 17). 

Regarding claim 32, Belissent teaches the step of receiving and responding to 
the plurality of signals includes: 

correlating the plurality of signals representing the one or more data packet flow 
anomalies, and 

generating an anomaly table including the attributes related to the one or more 
data packet flow anomalies (col. 5 line 34 thru col.6 line 17). 

Regarding claim 33, Belissent teaches the step of receiving and responding to 
the plurality of signals further includes the step of communicating the anomaly table to a 
computing device for further processing (col.5 line 34 thru col.6 line 17). 

Conclusion 

3. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a).

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Courtney D. Fields whose telephone number is
571-272-3871. The examiner can normally be reached on Mon - Thurs. 6:00 - 4:00 pm; off
every Friday. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Andrew Caldwell can be reached on 571-272-3868. The fax phone number 
for the organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 